276128 matches found

OSV
added 2026/04/24 6:8 a.m. | 2 views

BELL-CVE-2026-22017 CVE-2026-22017 does not affect BellSoft software

Bulletin has no description...

CVSS 6.5 | AI score 7.2 | EPSS 0.00303
Exploits: 0 | References: 1
OSV
added 2026/04/24 6:8 a.m. | 1 views

BELL-CVE-2026-22002 CVE-2026-22002 does not affect BellSoft software

Bulletin has no description...

CVSS 4.9 | AI score 7.2 | EPSS 0.00323
Exploits: 0 | References: 1
OSV
added 2026/04/24 6:8 a.m. | 5 views

BELL-CVE-2026-22005 CVE-2026-22005 does not affect BellSoft software

Bulletin has no description...

CVSS 4.9 | AI score 7.2 | EPSS 0.00323
Exploits: 0 | References: 1
OSV
added 2026/04/24 6:8 a.m. | 1 views

BELL-CVE-2026-34267 CVE-2026-34267 does not affect BellSoft software

Bulletin has no description...

CVSS 4.9 | AI score 7.2 | EPSS 0.00323
Exploits: 0 | References: 1
OSV
added 2026/04/24 6:8 a.m. | 1 views

BELL-CVE-2026-22001 CVE-2026-22001 does not affect BellSoft software

Bulletin has no description...

CVSS 2.7 | AI score 7.2 | EPSS 0.00259
Exploits: 0 | References: 1
Snyk
added 2026/04/24 2:52 a.m. | 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the PageRules::create process in the page rules component. An attacker can publish a page without the required status-change permission by creating it as a non-draft. This lets a user who is allowed to create...

CVSS 6.5 | AI score 5.4 | EPSS 0.0022
Exploits: 0 | References: 2
EUVD
added 2026/04/24 2:42 a.m. | 4 views

EUVD-2026-25391

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The redirect parameter on the login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting...

CVSS 5.3 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 2
Cvelist
added 2026/04/24 2:13 a.m. | 31 views

CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

CVSS 8.8 | EPSS 0.00472
Exploits: 1 | References: 2
EUVD
added 2026/04/24 12:31 a.m. | 2 views

EUVD-2026-25345

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVSS 7.1 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 3
CVE
added 2026/04/24 12:0 a.m. | 10 views

CVE-2026-42095

CVE-2026-42095 affects bookserver in KDE Arianna up to version 26.04.0 (pre-26.04.1). Affected component allows an attacker with local access to read arbitrary files by guessing a URL over a socket connection, as described in the vulnerability description. Root cause: insufficient access control ...

CVSS 4 | AI score 5.2 | EPSS 0.00118
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/24 12:0 a.m. | 5 views

PT-2026-37177

Name of the Vulnerable Software and Affected Versions: Avo versions prior to 3.31.2. Description: A broken access control issue exists in the ActionsController due to insecure action lookup logic in the action class function. An authenticated user can execute any Action class that descends from...

CVSS 8.8 | AI score 5.9 | EPSS 0.00295
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/24 12:0 a.m. | 3 views

PT-2026-34876

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

CVSS 4.3 | AI score 5.3 | EPSS 0.00352
Exploits: 0 | References: 6
Cvelist
added 2026/04/23 9:58 p.m. | 28 views

CVE-2026-41348 OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...

CVSS 5.4 | EPSS 0.00177
Exploits: 0 | References: 3
Circl
added 2026/04/23 8:22 p.m. | 5 views

CVE-2026-33318

creationtimestamp | type | source
---|---|---
2026-04-23 20:22:56+00:00 | published-proof-of-concept | https://github.com/actualbudget/actual/security/advisories/GHSA-prp4-2f49-fcgp
2026-04-24 03:56:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mk7n2kb7sz2z
2026-04-24...

CVSS 8.8 | AI score 5.7 | EPSS 0.00472
Exploits: 1 | References: 4
GithubExploit
added 2026/04/23 6:28 p.m. | 115 views

Exploit for CVE-2025-5880

CVE-2025-5880 — Whistle 2.9.98 Path Traversal PoC...

CVSS 5.3 | AI score 5.9 | EPSS 0.00393
Exploits: 1
OSV
added 2026/04/23 5:7 p.m. | 2 views

MAL-2026-3020 Malicious code in @bitwarden/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6fb2336936a86f37fc2018f8e68dc9989ffc3e79aa23297bf470de178201f50 The package @bitwarden/cli was found to contain malicious code. Source: ghsa-malware 8a8c7958926d5ec3795102e9114dfaa649ae3160afb9159ec2c46f044018b776...

AI score 5.7
Exploits: 0 | References: 1
RedHat Linux
added 2026/04/23 2:53 p.m. | 7 views

Important: Red Hat Security Advisory: RHOAI 2.25.5 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.25.5 provides these changes:...

CVSS 10 | AI score 7.1 | EPSS 0.01761
Exploits: 35 | References: 52
OSV
added 2026/04/23 12:44 p.m. | 5 views

CLSA-2026-1776948287 vim: Fix of CVE-2022-3234

CVE-2022-3234 fix heap buffer overflow in opreplace when replacing NUL after Tab in virtualedit mode...

CVSS 7.8 | AI score 7.3 | EPSS 0.00487
Exploits: 1 | References: 1
EUVD
added 2026/04/23 12:27 p.m. | 1 views

EUVD-2025-209564

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

CVSS 5.7 | AI score 5.7 | EPSS 0.00176
Exploits: 0 | References: 4
EUVD
added 2026/04/23 9:32 a.m. | 3 views

EUVD-2026-25194

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

CVSS 7.3 | AI score 7.3 | EPSS 0.00111
Exploits: 0 | References: 3